In a 5th Generation (5G) system, a terminal may access an Access and Mobility Management Function (AMF) node via only a 3rd Generation Partnership Project (3GPP) access technology, or via only a non-3GPP (non-3GPP) access technology, or via both a 3GPP access technology and a non-3GPP access technology. When the terminal accesses the AMF node via both the 3GPP access technology and the non-3GPP access technology, there are two non-access stratum (NAS) connection links between the terminal and the AMF node at the same time. If the terminal uses one set of NAS keys and one set of NAS COUNTs to separately protect the two connection links, the following case may occur: the AMF node first receives a relatively small NAS COUNT transmitted through one link, and then receives a relatively large NAS COUNT transmitted through the other link. Consequently, a replay attack occurs, resulting in a problem of relatively poor data security of NAS connection link transmission between the terminal and the AMF node. Therefore, when a plurality of NAS connection links exist between the terminal and the AMF node, how to perform security protection on the plurality of NAS connection links is an urgent problem to be resolved.